Apache Guacamole 1.1.0 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability


Apache Guacamole 1.1.0 suffers from exposure of sensitive information to an unauthorized actor vulnerability


The information has been provided by Mike Jumper

The original article can be found at:https://lists.apache.org/thread.html/r066543f0565e97b27c0dfe27e93e8a387b99e1e35764000224ed96e7@%3Cuser.guacamole.apache.org%3E


Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within the memory ofthe guacd process handling the connection.


Vulnerable Systems:

Apache Guacamole 1.1.0


CVE Information:



Disclosure Timeline:
Published Date:7/2/2020

Categories: FeaturedNews